Windows Impair Defense Overide Win Defender Phishing Filter

Splunk Security Content

Summary
This analytic identifies changes to the Windows registry that disable the Windows Defender phishing filter, a core security feature of Microsoft Edge. By monitoring the registry keys that hold Microsoft Edge's phishing filter settings, the rule detects when this protection has been impaired, which makes phishing easier because malicious sites can deceive users without triggering browser warnings. The relevant Sysmon registry events are captured to surface modifications that weaken essential Windows security settings. Any such change should be investigated, since it exposes the affected Windows system to phishing and the data breaches or other security incidents that may follow.
Categories
  • Endpoint
Data Sources
  • Windows Registry
  • Process
ATT&CK Techniques
  • T1562.001
  • T1562
Created: 2024-11-13